12809 – Assertion failure caused smbd to panic and abort in close_remove_share_mode()

Bug 12809 - Assertion failure caused smbd to panic and abort in close_remove_share_mode()

Summary: Assertion failure caused smbd to panic and abort in close_remove_share_mode()

Status:	NEW

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	Clustering (show other bugs)
Version:	4.6.2
Hardware:	x64 Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Volker Lendecke
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2017-05-30 18:22 UTC by Anoop C S
Modified:	2017-05-31 04:36 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Anoop C S 2017-05-30 18:22:17 UTC

In a 4 node Samba CTDB setup, smbd went panic on one node and aborted during an assertion failure in close_remove_share_mode() making the node UNHEALTHY while executing `ctdb stop` and `ctdb continue` one after the other on 3 out of 4 nodes with an active I/O running from a Windows client. Following back trace was observed from the core dump file.

(gdb) bt
#0  0x00007fa85c9941d7 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007fa85c9958c8 in __GI_abort () at abort.c:90
#2  0x00007fa85e3184de in dump_core () at ../source3/lib/dumpcore.c:338
#3  0x00007fa85e3096e7 in smb_panic_s3 (why=<optimized out>) at ../source3/lib/util.c:814
#4  0x00007fa8603e395f in smb_panic (why=why@entry=0x7fa8600d254d "assert failed: got_tokens") at
../lib/util/fault.c:166
#5  0x00007fa85ff76a39 in close_remove_share_mode (close_type=NORMAL_CLOSE, fsp=0x7fa86293b980) at
../source3/smbd/close.c:381
#6  close_normal_file (close_type=NORMAL_CLOSE, fsp=0x7fa86293b980, req=0x7fa86293e080) at
../source3/smbd/close.c:755
#7  close_file (req=req@entry=0x7fa86293e080, fsp=fsp@entry=0x7fa86293b980, close_type=close_type@en
try=NORMAL_CLOSE) at ../source3/smbd/close.c:1233
#8  0x00007fa85ffac803 in smbd_smb2_close (req=req@entry=0x7fa86293d970, fsp=fsp@entry=0x7fa86293b98
0, in_flags=in_flags@entry=0, out_flags=0x7fa86293ded2, out_creation_ts=0x7fa86293ded8,
    out_last_access_ts=0x7fa86293dee8, out_last_write_ts=0x7fa86293def8,
out_change_ts=0x7fa86293df08, out_allocation_size=0x7fa86293df18, out_end_of_file=0x7fa86293df20,
    out_file_attributes=0x7fa86293df28) at ../source3/smbd/smb2_close.c:260
#9  0x00007fa85ffad04d in smbd_smb2_close_send (in_flags=0, in_fsp=0x7fa86293b980,
smb2req=0x7fa86293d970, ev=0x7fa862801d10, mem_ctx=0x7fa86293d970) at
../source3/smbd/smb2_close.c:334
#10 smbd_smb2_request_process_close (req=req@entry=0x7fa86293d970) at
../source3/smbd/smb2_close.c:70
#11 0x00007fa85ffa14bb in smbd_smb2_request_dispatch (req=req@entry=0x7fa86293d970) at
../source3/smbd/smb2_server.c:2585
#12 0x00007fa85ffa2ab2 in smbd_smb2_io_handler (fde_flags=<optimized out>, xconn=0x7fa862840620) at
../source3/smbd/smb2_server.c:3872
#13 smbd_smb2_connection_handler (ev=<optimized out>, fde=<optimized out>, flags=<optimized out>,
private_data=<optimized out>) at ../source3/smbd/smb2_server.c:3910
#14 0x00007fa85cd2aedb in epoll_event_loop (tvalp=0x7ffdd24d23a0, epoll_ev=0x7fa86281ddd0) at
../tevent_epoll.c:728
#15 epoll_event_loop_once (ev=<optimized out>, location=<optimized out>) at ../tevent_epoll.c:930
#16 0x00007fa85cd292a7 in std_event_loop_once (ev=0x7fa862801d10, location=0x7fa8600de5e8
"../source3/smbd/process.c:4125") at ../tevent_standard.c:114
#17 0x00007fa85cd250cd in _tevent_loop_once (ev=ev@entry=0x7fa862801d10, location=location@entry=0x7
fa8600de5e8 "../source3/smbd/process.c:4125") at ../tevent.c:721
#18 0x00007fa85cd252fb in tevent_common_loop_wait (ev=0x7fa862801d10, location=0x7fa8600de5e8
"../source3/smbd/process.c:4125") at ../tevent.c:844
#19 0x00007fa85cd29247 in std_event_loop_wait (ev=0x7fa862801d10, location=0x7fa8600de5e8
"../source3/smbd/process.c:4125") at ../tevent_standard.c:145
#20 0x00007fa85ff90cb4 in smbd_process (ev_ctx=ev_ctx@entry=0x7fa862801d10, msg_ctx=msg_ctx@entry=0x
7fa862802970, sock_fd=sock_fd@entry=39, interactive=interactive@entry=false)
    at ../source3/smbd/process.c:4125
#21 0x00007fa860c85a74 in smbd_accept_connection (ev=0x7fa862801d10, fde=<optimized out>,
flags=<optimized out>, private_data=<optimized out>) at ../source3/smbd/server.c:1017
#22 0x00007fa85cd2aedb in epoll_event_loop (tvalp=0x7ffdd24d2630, epoll_ev=0x7fa862801f90) at
../tevent_epoll.c:728
#23 epoll_event_loop_once (ev=<optimized out>, location=<optimized out>) at ../tevent_epoll.c:930
#24 0x00007fa85cd292a7 in std_event_loop_once (ev=0x7fa862801d10, location=0x7fa860c895d9
"../source3/smbd/server.c:1384") at ../tevent_standard.c:114
#25 0x00007fa85cd250cd in _tevent_loop_once (ev=ev@entry=0x7fa862801d10, location=location@entry=0x7
fa860c895d9 "../source3/smbd/server.c:1384") at ../tevent.c:721
#26 0x00007fa85cd252fb in tevent_common_loop_wait (ev=0x7fa862801d10, location=0x7fa860c895d9
"../source3/smbd/server.c:1384") at ../tevent.c:844
#27 0x00007fa85cd29247 in std_event_loop_wait (ev=0x7fa862801d10, location=0x7fa860c895d9
"../source3/smbd/server.c:1384") at ../tevent_standard.c:145
#28 0x00007fa860c80a95 in smbd_parent_loop (parent=<optimized out>, ev_ctx=0x7fa862801d10) at
../source3/smbd/server.c:1384
#29 main (argc=<optimized out>, argv=<optimized out>) at ../source3/smbd/server.c:2038

(gdb) f 5
#5  0x00007fa85ff76a39 in close_remove_share_mode (close_type=NORMAL_CLOSE, fsp=0x7fa86293b980) at
../source3/smbd/close.c:381
381             SMB_ASSERT(got_tokens);